Overview
Manage user accounts including creation, updates, and role assignments. User management is restricted to administrators.
Only users with the admin role can create, update, or delete users. Other roles have read-only access to basic user information.
Authentication
Requires a valid JWT token, sent in the Authorization header:
Authorization: Bearer <token>
List All Users
GET /api/users
curl -X GET http://localhost:3001/api/users \
-H "Authorization: Bearer YOUR_TOKEN"
Response Fields
Role-Based Filtering: Non-admin users receive limited information (no permissions or creation dates). Admin and calidad roles receive full user details.
- gafete: Badge number (used for login)
- turno: Assigned shift (A, B, C, etc.)
- tipo: User role (admin, calidad, supervisor, operador)
- activo: Status (1 = active, 0 = inactive)
- permisos: JSON string of permission flags (admin/calidad only)
- created_at: Account creation timestamp (admin/calidad only)
Response Example
[
{
"id": 1,
"nombre": "Juan",
"apellido": "Pérez",
"gafete": "admin",
"turno": "A",
"area": "Administración",
"tipo": "admin",
"activo": 1,
"permisos": null,
"created_at": "2024-01-15T08:00:00.000Z"
},
{
"id": 2,
"nombre": "María",
"apellido": "García",
"gafete": "calidad",
"turno": "A",
"area": "Calidad",
"tipo": "calidad",
"activo": 1,
"permisos": null,
"created_at": "2024-01-20T09:00:00.000Z"
}
]
Get User by ID
GET /api/users/:id
curl -X GET http://localhost:3001/api/users/1 \
-H "Authorization: Bearer YOUR_TOKEN"
Response (200 OK)
{
"id": 1,
"nombre": "Juan",
"apellido": "Pérez",
"gafete": "admin",
"turno": "A",
"area": "Administración",
"tipo": "admin",
"activo": 1,
"permisos": null,
"created_at": "2024-01-15T08:00:00.000Z"
}
Error (404 Not Found)
{
"error": "Usuario no encontrado"
}
Create User
POST /api/users
Admin Only: Only users with the admin role can create new users.
Request Body
- gafete: Badge number (must be unique)
- tipo: Role (admin, calidad, supervisor, operador)
- contra: Password (will be bcrypt hashed)
curl -X POST http://localhost:3001/api/users \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"nombre": "Carlos",
"apellido": "Ramírez",
"gafete": "12345",
"turno": "A",
"area": "Ensamble",
"tipo": "supervisor",
"contra": "temporal123"
}'
Response (201 Created)
{
"id": 15,
"nombre": "Carlos",
"apellido": "Ramírez",
"gafete": "12345",
"turno": "A",
"area": "Ensamble",
"tipo": "supervisor",
"activo": 1
}
Errors
400 Bad Request - Duplicate Badge
{
"error": "El gafete ya existe"
}
403 Forbidden
{
"error": "Sin permisos suficientes"
}
Update User
PUT /api/users/:id
Admin Only: Only administrators can update user accounts.
Request Body (All Optional)
- contra: New password (will be hashed)
- activo: Status (1 = active, 0 = inactive)
curl -X PUT http://localhost:3001/api/users/15 \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"area": "Moldeo", "turno": "B"}'
Response (200 OK)
Delete User
DELETE /api/users/:id
Soft Delete: Users are deactivated (activo = 0) rather than physically deleted. Administrators cannot deactivate their own account.
curl -X DELETE http://localhost:3001/api/users/15 \
-H "Authorization: Bearer YOUR_TOKEN"
Response (200 OK)
Error (400 Bad Request)
{
"error": "No puedes desactivar tu propia cuenta"
}
TypeScript Interface
export interface Usuario {
id: number;
nombre: string;
apellido: string;
gafete: string;
turno: string;
area: string;
tipo: 'admin' | 'calidad' | 'supervisor' | 'operador';
contra: string; // hashed password
activo: number;
permisos?: string; // JSON string
created_at?: string;
}
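The role-based filtering described under List All Users and the self-deactivation guard under Delete User, as an added example written against the Usuario interface above (not the project's own code). It assumes the field names and error strings from this page; permisos is widened to allow null to match the example responses, and the sample record is constructed.

```typescript
// Added example (not the project's own code). Assumes the Usuario shape documented
// above; the field allow-list and error strings follow the endpoint descriptions.
export type Rol = 'admin' | 'calidad' | 'supervisor' | 'operador';

export interface Usuario {
  id: number; nombre: string; apellido: string; gafete: string;
  turno: string; area: string; tipo: Rol; contra: string; activo: number;
  permisos?: string | null; created_at?: string;
}

// Fields every authenticated caller may see. Building the response from an
// allow-list (instead of deleting `contra` from the record) means a column added
// to the table later is not exposed by accident.
export type UsuarioPublico = Pick<Usuario,
  'id' | 'nombre' | 'apellido' | 'gafete' | 'turno' | 'area' | 'tipo' | 'activo'> &
  Partial<Pick<Usuario, 'permisos' | 'created_at'>>;

// Roles entitled to permission flags and creation timestamps (per the docs).
const FULL_DETAIL_ROLES: ReadonlySet<Rol> = new Set<Rol>(['admin', 'calidad']);

// Shape one user record for an API response based on the caller's role.
// The bcrypt hash in `contra` is never copied, whatever the role.
export function toResponse(user: Usuario, requesterRole: Rol): UsuarioPublico {
  const out: UsuarioPublico = {
    id: user.id, nombre: user.nombre, apellido: user.apellido, gafete: user.gafete,
    turno: user.turno, area: user.area, tipo: user.tipo, activo: user.activo,
  };
  if (FULL_DETAIL_ROLES.has(requesterRole)) {
    out.permisos = user.permisos;
    out.created_at = user.created_at;
  }
  return out;
}

// Authorization decision for DELETE /api/users/:id, returning the documented
// status code and message: role check first, then the self-deactivation guard.
export function checkDeactivate(
  requester: Usuario, targetId: number,
): { status: 200 } | { status: 400 | 403; error: string } {
  if (requester.tipo !== 'admin') return { status: 403, error: 'Sin permisos suficientes' };
  if (requester.id === targetId) {
    return { status: 400, error: 'No puedes desactivar tu propia cuenta' };
  }
  return { status: 200 };
}

// Constructed sample record (not real data); the hash value is a placeholder.
export const SAMPLE_ADMIN: Usuario = {
  id: 1, nombre: 'Juan', apellido: 'Pérez', gafete: 'admin', turno: 'A',
  area: 'Administración', tipo: 'admin', contra: '$2b$10$<placeholder-hash>',
  activo: 1, permisos: null, created_at: '2024-01-15T08:00:00.000Z',
};
```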
Audit Trail
All user management operations are logged:
- Create: Action 'crear', Entity 'usuarios'
- Update: Action 'editar', Entity 'usuarios'
- Delete: Action 'eliminar', Entity 'usuarios'